KN-Cipher
Encyclopedia
In cryptography
, KN-Cipher is a block cipher
created by Kaisa Nyberg
and Lars Knudsen
in 1995. One of the first ciphers designed to be provably secure
against ordinary differential cryptanalysis
, KN-Cipher was later broken using higher order differential cryptanalysis
.
Presented as "a prototype...compatible with DES
", the algorithm has a 64-bit block size
and a 6-round Feistel network
structure. The round function is based on the cube
operation in the finite field
GF(233).
The designers did not specify any key schedule
for the cipher; they state, "All round keys should be independent, therefore we need at least 198 key bits."
breaks KN-Cipher with only 512 chosen plaintexts and 241 running time, or with 32 chosen plaintexts and 270 running time.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, KN-Cipher is a block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
created by Kaisa Nyberg
Kaisa Nyberg
Kaisa Nyberg is a cryptographer and computer security researcher, currently a professor at Helsinki University of Technology. Her notable work includes the theory of perfect nonlinear S-boxes , provably secure block cipher design , and the cryptanalysis of the stream ciphers E0 and SNOW.Nyberg...
and Lars Knudsen
Lars Knudsen
Lars Ramkilde Knudsen is a Danish researcher in cryptography, particularly interested in the design and analysis of block ciphers, hash functions and message authentication codes .-Academic:...
in 1995. One of the first ciphers designed to be provably secure
Provable security
In cryptography, a system has provable security if its security requirements can be stated formally in an adversarial model, as opposed to heuristically, with clear assumptions that the adversary has access to the system as well as enough computational resources...
against ordinary differential cryptanalysis
Differential cryptanalysis
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output...
, KN-Cipher was later broken using higher order differential cryptanalysis
Higher order differential cryptanalysis
In cryptography, higher-order differential cryptanalysis is a generalization of differential cryptanalysis, an attack against block ciphers. Developed in 1994 by Lars Knudsen, the technique has been applied to a number of ciphers...
.
Presented as "a prototype...compatible with DES
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
", the algorithm has a 64-bit block size
Block size (cryptography)
In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size...
and a 6-round Feistel network
Feistel cipher
In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel who did pioneering research while working for IBM ; it is also commonly known as a Feistel network. A large proportion of block...
structure. The round function is based on the cube
Cube (arithmetic)
In arithmetic and algebra, the cube of a number n is its third power — the result of the number multiplying by itself three times:...
operation in the finite field
Finite field
In abstract algebra, a finite field or Galois field is a field that contains a finite number of elements. Finite fields are important in number theory, algebraic geometry, Galois theory, cryptography, and coding theory...
GF(233).
The designers did not specify any key schedule
Key schedule
[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("...
for the cipher; they state, "All round keys should be independent, therefore we need at least 198 key bits."
Cryptanalysis
Jakobsen & Knudsen's higher order differential cryptanalysisHigher order differential cryptanalysis
In cryptography, higher-order differential cryptanalysis is a generalization of differential cryptanalysis, an attack against block ciphers. Developed in 1994 by Lars Knudsen, the technique has been applied to a number of ciphers...
breaks KN-Cipher with only 512 chosen plaintexts and 241 running time, or with 32 chosen plaintexts and 270 running time.